Security & Compliance - StratEngine AI Enterprise-Grade Data Protection

How does StratEngine AI protect strategic data?

StratEngine AI protects C-suite strategy briefs, investment memos, market research, and proprietary business frameworks with security infrastructure built on independently certified platforms. From annual strategic plans to investment diligence memos, StratEngine treats strategic data with AES-256 encryption at rest, TLS 1.2+ in transit, hard tenant isolation enforced at the database layer, and zero data retention on the AI models behind the analysis. Security is the foundational architecture protecting SWOT Analysis data, Porter's Five Forces competitive intelligence, Blue Ocean Strategy market insights, and McKinsey 7-S Framework organizational assessments for management consulting firms, corporate strategy teams, and investors vetting deals.

What security certifications does StratEngine AI have?

StratEngine maintains three independent security certifications: one at the application layer that we hold directly, and two inherited from the certified platforms StratEngine runs on. CASA Tier 2 covers the StratEngine application itself. ISO 27001:2022 is inherited from Google Cloud, our compute layer. SOC 2 Type II is inherited from Supabase, our database layer. The distinction matters for procurement: we are certified at the app, and the stack underneath was already audited.

What is CASA Tier 2 certification for StratEngine AI?

StratEngine is certified to CASA Tier 2: a third-party-assessed control set built on the OWASP Application Security Verification Standard, the same bar Google requires of apps handling financial, health, and other sensitive data. This certification is ours, on the StratEngine application itself. CASA Tier 2 verifies StratEngine implements comprehensive application security controls protecting SWOT Analysis data, Porter's Five Forces competitive intelligence, and Blue Ocean Strategy market insights from unauthorized access, data breaches, and security vulnerabilities. Management consultants, Fortune 500 strategy teams, and investors evaluating strategic planning software for handling confidential deliverables and proprietary frameworks rely on CASA Tier 2 certification as evidence of application-layer security rigor.

What is StratEngine AI's ISO 27001 posture?

StratEngine's compute layer runs on Google Cloud, which is independently certified to ISO 27001:2022 across the platforms StratEngine uses. ISO 27001 is inherited from Google Cloud, not held by StratEngine directly. The standard covers risk assessment, security controls implementation, and continuous monitoring of the underlying infrastructure StratEngine is built on. Management consultants using StratEngine for client strategy projects benefit from ISO 27001 certified infrastructure protecting McKinsey 7-S Framework assessments, PESTLE Analysis market data, and Galbraith Star Model organizational designs. Corporate strategy teams at Fortune 500 organizations and investors handling sensitive deal flow operate on ISO 27001 certified compute.

What is StratEngine AI's SOC 2 Type II posture?

StratEngine's database layer runs on Supabase, which is SOC 2 Type II certified for security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type II is inherited from Supabase, not held by StratEngine directly. Type II verifies controls operate effectively over an extended audit window, not at a single moment in time. This continuous verification ensures the infrastructure protecting SWOT Analysis frameworks, Porter's Five Forces competitive assessments, and Blue Ocean Strategy market insights consistently meets the standard throughout data storage and processing. Professional services firms and Fortune 500 strategy teams rely on SOC 2 Type II as evidence of sustained data protection rather than a point-in-time snapshot.

How does StratEngine AI encrypt strategic data?

What encryption does StratEngine AI use for data at rest?

StratEngine uses AES-256 encryption for data at rest, protecting strategy briefs, framework outputs, investment analyses, and cited sources stored in the database with the same key strength US federal agencies use for classified information and financial institutions use to protect customer financial data. Strategic planning documents including SWOT Analysis frameworks, Porter's Five Forces assessments, McKinsey 7-S Framework organizational designs, and Blue Ocean Strategy market insights remain encrypted in StratEngine's database using AES-256 encryption. Management consultants and Fortune 500 strategy teams storing confidential client deliverables and proprietary strategic frameworks in StratEngine benefit from AES-256 encryption preventing unauthorized access to strategic planning data even if storage systems are compromised.

What encryption does StratEngine AI use for data in transit?

StratEngine uses TLS 1.2 or higher for data in transit. Every byte between your browser and our servers travels over TLS 1.2 or 1.3, with forward secrecy. Legacy SSL and TLS 1.0 / 1.1 are not accepted. Strategic planning data including SWOT Analysis inputs, Porter's Five Forces competitive data, Blue Ocean Strategy market insights, and McKinsey 7-S Framework assessments transmit between management consultant browsers and StratEngine infrastructure through TLS encrypted connections preventing man-in-the-middle attacks and data interception. Professional services firms and corporate strategy teams accessing StratEngine from office networks, home offices, or public WiFi connections benefit from TLS 1.2+ encryption protecting confidential strategic planning data during transmission.

What is StratEngine AI's zero data retention policy?

The AI models behind StratEngine's analysis run with zero data retention by default: prompts and the generated analysis are not retained after the response is returned, and the data is not used for training future models. Both properties matter, and both are the default behavior of the AI providers we use, not a contract addendum specific to StratEngine. This is the central thing a public chatbot like ChatGPT cannot offer: in those products, user inputs may contribute to AI model training and improvement. For management consultants developing confidential client strategies, Fortune 500 executives creating proprietary strategic plans, and investors writing diligence memos on private deals, the AI providers processing the work delete the inputs and outputs immediately after generating the response.

How does StratEngine AI handle data retention by analysis mode?

Retention boundaries scale to artifact sensitivity. Strategy analyses live in StratEngine until you delete them and travel with your account. Investment analyses (Investment mode) clear from our database the moment you export, leaving only a link to the artifact in your own storage. The retention boundary follows the sensitivity of the artifact, so deal-vetting memos do not accumulate inside StratEngine after the export is complete.

What infrastructure powers StratEngine AI security?

StratEngine runs on compliance-certified platforms that Fortune 500 buyers already accept: Google Cloud for compute, Supabase for the database, magic-link sign-in for identity, and OAuth 2.0 for storage connectors. We did not build a custom datacenter. Every layer of the runtime is a certified platform with its own independent audits. Management consultants and corporate strategy teams using StratEngine for client deliverables and proprietary strategic frameworks benefit from infrastructure security certifications that meet the most rigorous enterprise data protection requirements.

What is Google Cloud Platform security for StratEngine AI?

StratEngine's application runtime runs on Google Cloud Platform, which is independently certified to ISO 27001, SOC 2, PCI DSS, and FedRAMP. Google Cloud maintains the physical, network, and infrastructure security Google operates for Gmail and Google Workspace, including data center security, network security with DDoS protection, automated infrastructure patching, and application security with vulnerability scanning. Strategic planning data including SWOT Analysis frameworks, Porter's Five Forces assessments, and Blue Ocean Strategy insights stored on Google Cloud benefit from the same security protections Google implements for the consumer and enterprise products used by Fortune 500 organizations worldwide.

What is Supabase security for StratEngine AI?

StratEngine's database layer runs on Supabase. Postgres row-level security on Supabase enforces hard boundaries between workspaces at the database layer, not the application layer. A consultant's three client projects never share a query plane with each other or with anyone else's, and even a compromised application instance cannot read across tenants. Professional services firms storing multiple client strategies in StratEngine and Fortune 500 organizations managing departmental strategic plans rely on Supabase row-level security preventing data leakage between projects, clients, and business units.

How does StratEngine AI handle authentication?

StratEngine uses magic-link sign-in for user authentication: there is no password for StratEngine to store, lose, or have phished. When a user signs in, StratEngine emails a one-time link; clicking it logs the user in. There is no SAML SSO, no OIDC SSO, and no SCIM provisioning today. OAuth 2.0 is used only for storage connector consent — when you connect Google Drive, OneDrive, or Dropbox for import or export, that handshake uses OAuth 2.0 with minimum-privilege scopes, and the passwords for those storage accounts never reach StratEngine.

Where is StratEngine AI hosted?

StratEngine is hosted in US Central. The database layer is region-pinned. There is no EU or US-West deployment.

How does StratEngine AI secure the AI intelligence layer?

StratEngine uses enterprise-tier AI models with zero data retention by default, running on the same security-certified infrastructure trusted by Fortune 500 organizations for handling sensitive business data, confidential strategic plans, and proprietary competitive intelligence. Management consultants using StratEngine to generate SWOT Analysis frameworks, Porter's Five Forces assessments, Blue Ocean Strategy insights, and McKinsey 7-S Framework organizational designs benefit from AI processing environments where the AI provider's default behavior is to not retain prompts or outputs after the response is returned, and to not use customer inputs to train future models. The multi-layer security architecture ensures strategic planning data remains protected throughout AI processing workflows from initial framework input through strategic analysis generation to final brief or presentation export.

How do I get in touch with the StratEngine AI security team?

For security questions, compliance posture questions, or vendor security assessments, contact the StratEngine security team at info@stratengineai.com. We respond to security inquiries from professional services firms, Fortune 500 IT departments, and compliance officers evaluating StratEngine for enterprise deployment.